This was on a website I had to work on. It seems to me it's a horrible idea, but I was hoping to get other input before I told them it was.
```javascript
var url = 'https://www.otherdomain.com/magic_php_file.php';
document.write('<script>jQuery( "#div" ).load( "' + url + '" );<\/script>');
```
The document.write happens on a domain different than otherdomain.com, so I am under the impression this is a cross-site scripting hole that they have created. My concerns were XSS and access to cookies. Can anyone else help me understand any issues other than those and the fact that using document.write & load is bad? Thanks!
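An added example, not part of the original post: jQuery's `.load()` inserts the fetched markup into the including page and, when no selector is appended to the URL, runs any scripts in it with that page's origin, so isolating the remote content in a sandboxed frame keeps it away from the page's cookies and DOM. The allowlist and all function names below are hypothetical, and the sketch assumes the remote page is allowed to be framed.

```javascript
// Added example, not code from the original post. All names are hypothetical.
const ALLOWED_ORIGINS = new Set(['https://www.otherdomain.com']);

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Accept only absolute https URLs whose exact origin is allowlisted.
// Comparing the parsed origin (not a substring) rejects lookalike hosts.
function checkEmbedUrl(rawUrl) {
  let parsed;
  try {
    parsed = new URL(rawUrl);
  } catch (e) {
    throw new Error('not an absolute URL');
  }
  if (parsed.protocol !== 'https:') throw new Error('https required');
  if (parsed.username || parsed.password) throw new Error('credentials in URL');
  if (!ALLOWED_ORIGINS.has(parsed.origin)) {
    throw new Error('origin not allowed: ' + parsed.origin);
  }
  return parsed.href;
}

// Build iframe markup for the remote page. A cross-origin frame cannot read
// the host page's cookies or DOM; sandbox="allow-scripts" (without
// allow-same-origin) additionally blocks top-level navigation, popups and
// form submission from the framed content.
function sandboxedEmbedHtml(rawUrl, title) {
  const href = checkEmbedUrl(rawUrl);
  return '<iframe src="' + escapeAttr(href) + '"' +
    ' title="' + escapeAttr(title) + '"' +
    ' sandbox="allow-scripts"' +
    ' referrerpolicy="no-referrer"></iframe>';
}

// Browser usage (the host page controls this markup, not the remote server):
//   document.getElementById('div').innerHTML =
//     sandboxedEmbedHtml('https://www.otherdomain.com/magic_php_file.php', 'Embedded content');
```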